Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    UnitedHealth says data of 100 million stolen in Change Healthcare breach

    Karlston

    By Karlston,
    Published Date:

    • 209 views
    • 4 minutes
     Share
    • 209 views
    • 4 minutes

    UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.

     

    In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all American's health data was exposed in the attack.

     

    A month later, Change Healthcare published a data breach notification warning that the February ransomware attack on Change Healthcare exposed a "substantial quantity of data" for a "substantial proportion of people in America."

     

    Today, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal updated the total number of impacted people to 100 million, making it the first time UnitedHealth, the parent company of Change Healthcare, put an official number to the breach.

     

    "On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach," reads an updated FAQ on the OCR website.

     

    Updated number of people impacted by the Change Healthcare data breach
    Updated number of people impacted by the Change Healthcare data breach
    Source: HHS

    Data breach notifications sent by Change Healthcare since June state that a massive amount of sensitive information was stolen during the February ransomware attack, including:

     

    • Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
    • Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment);
    • Billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due); and/or
    • Other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.

     

    The information may be different for each individual, and not everyone's medical history was exposed.

    The Change Healthcare ransomware attack

    This data breach was caused by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which led to widespread outages in the U.S. healthcare system.

     

    The disruption to the company's IT systems prevented doctors and pharmacies from filing claims and prevented pharmacies from accepting discount prescription cards, causing patients to pay full price for medications.

     

    The BlackCat ransomware gang, aka ALPHV, conducted the attack, using stolen credentials to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled.

     

    During the attack, the threat actors stole 6 TB of data and ultimately encrypted computers on the network, causing the company to shut down IT systems to prevent the spread of the attack.

     

    The UnitedHealth Group admitted to paying a ransom demand to receive a decryptor and for the threat actors to delete the stolen data. The ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack.

     

    This ransom payment was supposed to be split between the affiliate and the ransomware operation, but the BlackCat suddenly shut down, stealing the entire payment for themselves and pulling an exit scam.

     

    Alleged ALPHV affiliate claiming they were scammed by BlackCat
    ALPHV affiliate claiming they were scammed by BlackCat
    source: Dmitry Smilyanets

    However, this wasn't the end of Change Healthcare's problems, as the affiliate claimed they still had the company's data and did not delete it as promised. The affiliate partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released.

     

    The entry for Change Healthcare entry on RansomHub's data leak site mysteriously disappeared a few days later, possibly indicating that United Health paid a second ransom demand.

     

    UnitedHealth said in April that the Change Healthcare ransomware attack caused $872 million in losses, which increased as part of the Q3 2024 earnings to an expected $2.45 billion for the nine months to September 30, 2024,

     

    Source

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    2023: Over 5,800 news posts | 2024 (till end of September): 4,292 news posts

     

    RIP Matrix | Farewell my friend  :sadbye:

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...